Vulnerabilities related to Mitsubishi Electric - MELSEC iQ-R Series C Controller Module
jvndb-2020-001591
Vulnerability from jvndb
Published: 2020-02-18 12:10
Modified: 2020-02-18 12:10
Summary
Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000
Details
MELSEC C Controller Module and MELIPC Series MI5000, provided by Mitsubishi Electric Corporation, are affected by multiple vulnerabilities, collectively called "URGENT/11", in the TCP/IP function (IPnet) of VxWorks, a real-time OS distributed by Wind River.
* Q24DHCCPU-V and Q24DHCCPU-VG
  * Buffer Error (CWE-119) - CVE-2019-12255
  * Buffer Error (CWE-119) - CVE-2019-12257
  * Session Fixation (CWE-384) - CVE-2019-12258
  * NULL Pointer Dereference (CWE-476) - CVE-2019-12259
  * Buffer Error (CWE-119) - CVE-2019-12261
  * Improper Access Control (CWE-284) - CVE-2019-12262
  * Buffer Error (CWE-119) - CVE-2019-12263
  * Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88) - CVE-2019-12264
  * Improper Management of System Resources (CWE-399) - CVE-2019-12265
* R12CCPU-V and RD55UP06-V
  * Buffer Error (CWE-119) - CVE-2019-12256
  * Session Fixation (CWE-384) - CVE-2019-12258
  * NULL Pointer Dereference (CWE-476) - CVE-2019-12259
  * Buffer Error (CWE-119) - CVE-2019-12261
  * Improper Access Control (CWE-284) - CVE-2019-12262
  * Buffer Error (CWE-119) - CVE-2019-12263
  * Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88) - CVE-2019-12264
  * Improper Management of System Resources (CWE-399) - CVE-2019-12265
* MI5122-VW
  * Buffer Error (CWE-119) - CVE-2019-12256
  * Session Fixation (CWE-384) - CVE-2019-12258
  * NULL Pointer Dereference (CWE-476) - CVE-2019-12259
  * Buffer Error (CWE-119) - CVE-2019-12260
  * Buffer Error (CWE-119) - CVE-2019-12261
  * Improper Access Control (CWE-284) - CVE-2019-12262
  * Buffer Error (CWE-119) - CVE-2019-12263
  * Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88) - CVE-2019-12264
  * Improper Management of System Resources (CWE-399) - CVE-2019-12265
For details, refer to the information provided by the developer.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-001591.html", "dc:date": "2020-02-18T12:10+09:00", "dcterms:issued": "2020-02-18T12:10+09:00", "dcterms:modified": "2020-02-18T12:10+09:00", "description": "MELSEC C Controller Module and MELIPC Series MI5000 provided by Mitsubishi Electric Corporation have multiple vulnerabilities due to the vulnerabilities called \"URGENT/11\" in TCP/IP function (IPnet) of VxWorks, a real-time OS distributed by Wind River.\r\n\r\n * Q24DHCCPU-V and Q24DHCCPU-VG\r\n * Buffer Error (CWE-119) - CVE-2019-12255\r\n * Buffer Error (CWE-119) - CVE-2019-12257\r\n * Session Fixation (CWE-384) - CVE-2019-12258\r\n * NULL Pointer Dereference (CWE-476) - CVE-2019-12259\r\n * Buffer Error (CWE-119) - CVE-2019-12261\r\n * Improper Access Control (CWE-284) - CVE-2019-12262\r\n * Buffer Error (CWE-119) - CVE-2019-12263\r\n * Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) (CWE-88) - CVE-2019-12264\r\n * Improper Management of System Resources (CWE-399) - CVE-2019-12265\r\n\r\n * R12CCPU-V and RD55UP06-V\r\n * Buffer Error (CWE-119) - CVE-2019-12256\r\n * Session Fixation (CWE-384) - CVE-2019-12258\r\n * NULL Pointer Dereference (CWE-476) - CVE-2019-12259\r\n * Buffer Error (CWE-119) - CVE-2019-12261\r\n * Improper Access Control (CWE-284) - CVE-2019-12262\r\n * Buffer Error (CWE-119) - CVE-2019-12263\r\n * Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) (CWE-88) - CVE-2019-12264\r\n * Improper Management of System Resources (CWE-399) - CVE-2019-12265\r\n\r\n * MI5122-VW\r\n * Buffer Error (CWE-119) - CVE-2019-12256\r\n * Session Fixation (CWE-384) - CVE-2019-12258\r\n * NULL Pointer Dereference (CWE-476) - CVE-2019-12259\r\n * Buffer Error (CWE-119) - CVE-2019-12260\r\n * Buffer Error (CWE-119) - CVE-2019-12261\r\n * Improper Access Control (CWE-284) - CVE-2019-12262\r\n * Buffer Error (CWE-119) - CVE-2019-12263\r\n * Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) (CWE-88) - CVE-2019-12264\r\n * Improper Management of System Resources (CWE-399) - CVE-2019-12265\r\n\r\nFor the details, refer to the information provided by the developer.", "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-001591.html", "sec:cpe": [ { "#text": "cpe:/a:mitsubishielectric:melipc_series_mi5000", "@product": "MELIPC Series MI5000", "@vendor": "Mitsubishi Electric", "@version": "2.2" }, { "#text": "cpe:/a:mitsubishielectric:melsec-q_series_c_controller_module", "@product": "MELSEC-Q Series C Controller Module", "@vendor": "Mitsubishi Electric", "@version": "2.2" }, { "#text": "cpe:/a:mitsubishielectric:melsec_iq-r_series_c_controller_module", "@product": "MELSEC iQ-R Series C Controller Module", "@vendor": "Mitsubishi Electric", "@version": "2.2" }, { "#text": "cpe:/a:mitsubishielectric:melsec_iq-r_series_c_intelligent_function_module", "@product": "MELSEC iQ-R Series C Intelligent Function Module", "@vendor": "Mitsubishi Electric", "@version": "2.2" } ], "sec:identifier": "JVNDB-2020-001591", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU95424547/index.html", "@id": "JVNVU#95424547", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5531", "@id": "CVE-2020-5531", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5531", "@id": "CVE-2020-5531", "@source": "NVD" }, { "#text": "https://www.us-cert.gov/ics/advisories/icsa-19-274-01", "@id": "ICSA-19-274-01", "@source": "ICS-CERT ADVISORY" }, { "#text": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/", "@id": "TCP/IP Network Stack (IPnet, Urgent/11)", "@source": "Related document" } ], "title": "Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000" }